Ask OP to revoke tokens on logout

Hugh Nimmo-Smith 2022-07-25 15:34:35 +01:00
parent 97bea400f6
commit 9de574319e
2 changed files with 47 additions and 0 deletions


@ -480,6 +480,17 @@ export class Client {
request: this._platform.request request: this._platform.request
}); });
await hsApi.logout({log}).response(); await hsApi.logout({log}).response();
const oidcApi = new OidcApi({
issuer: sessionInfo.oidcIssuer,
clientId: sessionInfo.oidcClientId,
request: this._platform.request,
encoding: this._platform.encoding,
crypto: this._platform.crypto,
});
await oidcApi.revokeToken({ token: sessionInfo.accessToken, type: "access" });
if (sessionInfo.refreshToken) {
await oidcApi.revokeToken({ token: sessionInfo.refreshToken, type: "refresh" });
}
} catch (err) {} } catch (err) {}
await this.deleteSession(log); await this.deleteSession(log);
}); });
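Review bot: The new revocation calls share the `try { … } catch (err) {}` with `hsApi.logout()`, so a failed homeserver logout, or a failed access-token revocation (`revokeToken` throws on status >= 400), silently skips the remaining revocations. `deleteSession` then discards the local copy of the tokens, so there is no later retry, and the refresh token, the longer-lived credential, is attempted last and is the most likely to stay valid at the OP. Each revocation should have its own error handling that records the failure, with the refresh token revoked first. The block should also be guarded on `sessionInfo.oidcIssuer`, since nothing visible here shows it is set for every session. The enclosing method starts outside the visible lines.

```typescript
// … unchanged: hsApi.logout() stays in the existing try/catch …
if (sessionInfo.oidcIssuer) {
    const oidcApi = new OidcApi({
        // … unchanged: issuer, clientId, request, encoding, crypto …
    });
    if (sessionInfo.refreshToken) {
        try {
            await oidcApi.revokeToken({ token: sessionInfo.refreshToken, type: "refresh" });
        } catch (err) {
            // record the failure on the log item instead of dropping it
        }
    }
    try {
        await oidcApi.revokeToken({ token: sessionInfo.accessToken, type: "access" });
    } catch (err) {
        // record the failure on the log item instead of dropping it
    }
}
```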


@ -203,6 +203,11 @@ export class OidcApi {
return metadata["registration_endpoint"]; return metadata["registration_endpoint"];
} }
async revocationEndpoint(): Promise<string | undefined> {
const metadata = await this.metadata();
return metadata["revocation_endpoint"];
}
generateDeviceScope(): String { generateDeviceScope(): String {
const deviceId = randomString(10); const deviceId = randomString(10);
return `urn:matrix:device:${deviceId}`; return `urn:matrix:device:${deviceId}`;
@ -281,4 +286,35 @@ export class OidcApi {
return token; return token;
} }
async revokeToken({
token,
type,
}: { token: string, type: "refresh" | "access" }): Promise<void> {
const revocationEndpoint = await this.revocationEndpoint();
if (!revocationEndpoint) {
return;
}
const params = new URLSearchParams();
params.append("token_type", type);
params.append("token", token);
params.append("client_id", await this.clientId());
const body = params.toString();
const headers = new Map();
headers.set("Content-Type", "application/x-www-form-urlencoded");
const req = this._requestFn(revocationEndpoint, {
method: "POST",
headers,
format: "json",
body,
});
const res = await req.response();
if (res.status >= 400) {
throw new Error("failed to revoke token");
}
}
} }
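Review bot: In `revokeToken` the hint is sent as `token_type` with the values `access` / `refresh`, but RFC 7009 defines the optional parameter as `token_type_hint` with the values `access_token` / `refresh_token`, so a conforming OP will ignore what is sent here. The line should read `params.append("token_type_hint", type === "access" ? "access_token" : "refresh_token");`. The request also asks for `format: "json"`, while a successful revocation response normally has an empty body; if the request function parses the body eagerly this may fail on success, which is worth confirming. When the metadata has no `revocation_endpoint` the method returns without revoking anything and the caller cannot tell, so that case deserves a doc comment such as `/** Resolves without revoking when the OP advertises no revocation_endpoint. */` or a log entry.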